2
* EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
3
* Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
15
#ifndef EAP_TLS_COMMON_H
16
#define EAP_TLS_COMMON_H
19
* struct eap_ssl_data - TLS data for EAP methods
23
* conn - TLS connection context data from tls_connection_init()
25
struct tls_connection *conn;
28
* tls_out - TLS message to be sent out in fragments
33
* tls_out_len - Total length of the outgoing TLS message
38
* tls_out_pos - The current position in the outgoing TLS message
43
* tls_out_limit - Maximum fragment size for outgoing TLS messages
48
* tls_in - Received TLS message buffer for re-assembly
53
* tls_in_len - Number of bytes of the received TLS message in tls_in
58
* tls_in_left - Number of remaining bytes in the incoming TLS message
63
* tls_in_total - Total number of bytes in the incoming TLS message
68
* phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
73
* include_tls_length - Whether the TLS length field is included even
74
* if the TLS data is not fragmented
76
int include_tls_length;
79
* tls_ia - Whether TLS/IA is enabled for this TLS connection
84
* eap - Pointer to EAP state machine allocated with eap_peer_sm_init()
91
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
92
#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
93
#define EAP_TLS_FLAGS_START 0x20
94
#define EAP_PEAP_VERSION_MASK 0x07
96
/* could be up to 128 bytes, but only the first 64 bytes are used */
97
#define EAP_TLS_KEY_LEN 64
100
int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
101
struct wpa_ssid *config);
102
void eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);
103
u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
104
const char *label, size_t len);
105
const u8 * eap_peer_tls_data_reassemble(
106
struct eap_ssl_data *data, const u8 *in_data, size_t in_len,
107
size_t *out_len, int *need_more_input);
108
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
109
EapType eap_type, int peap_version,
110
u8 id, const u8 *in_data, size_t in_len,
111
u8 **out_data, size_t *out_len);
112
u8 * eap_peer_tls_build_ack(struct eap_ssl_data *data, size_t *respDataLen,
113
u8 id, EapType eap_type, int peap_version);
114
int eap_peer_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data);
115
int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
116
char *buf, size_t buflen, int verbose);
117
const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
118
struct eap_ssl_data *data,
120
struct eap_method_ret *ret,
121
const u8 *reqData, size_t reqDataLen,
122
size_t *len, u8 *flags);
123
void eap_peer_tls_reset_input(struct eap_ssl_data *data);
124
void eap_peer_tls_reset_output(struct eap_ssl_data *data);
125
int eap_peer_tls_decrypt(struct eap_sm *sm, struct eap_ssl_data *data,
126
const u8 *in_data, size_t in_len,
127
u8 **in_decrypted, size_t *len_decrypted);
128
int eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data,
129
EapType eap_type, int peap_version, u8 id,
130
const u8 *in_data, size_t in_len,
131
u8 **out_data, size_t *out_len);
132
int eap_peer_select_phase2_methods(struct wpa_ssid *config, const char *prefix,
133
struct eap_method_type **types,
135
int eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types,
136
struct eap_hdr *hdr, u8 **resp, size_t *resp_len);
138
#endif /* EAP_TLS_COMMON_H */